RFR 8171279: Support X25519 and X448 in TLS 1.3

Fri Sep 7 13:34:07 UTC 2018

 > The NamedParameterSpec object holds the name only, and not the key size.
The name is not a meaningless string, it refer to a specific thing.  For 
more examples, please refer to the standard names documentation, every 
name has its specific meaning and the background.  If the name is just a 
meaningless string, there is nothing we can do for it and we may not 
want to define a meaningless API.

The parse of the NamedParameterSpec name is really about the 
implementation details.  For example, for KeyFactory:

    public PublicKey engineGeneratePublic(KeySpec keySpec) {
       if (the algorithm is 'x25519') {
           // use the X25519 parameters, including key size
       } else if ('x448') {
           // use the X25519 parameters, including key size
       }
    }

There are a few alternatice ways.  You can define a enum in the XDH 
provider, or just use switch, or use Map, or something else you like. 
Which one is a better one, it may depends on the implementation details.

Please don't define the x25519 parameters in JSSE.  JSSE should use the 
'x25519' name (via NamedParameterSpec object) only.  The underlying JCE 
provider should take the responsibility to support the 
NamedParameterSpec and defines the internal/private parameters for the 
specific name.

Thanks,
Xuelei

On 9/7/2018 5:49 AM, Adam Petcher wrote:
> On 9/6/2018 4:49 PM, Xuelei Fan wrote:
> 
>> I asked the question in a previous email.  The key size for x25529 is 
>> fixed, right?
> 
> Right.
> 
>>
>> If it is not right, stop here and tell me that it is not right. Keep 
>> reading if it is right.
>>
>> OK, as the key size for x25519 is fixed, when you know the algorithm 
>> is x25519, you know the key size.  Does it sound right to you?
> 
> Possibly right---it depends on what you mean by "know". If all you have 
> is the name, then you need use a static mapping to look up the key length.
> 
>>
>> If it is not right, stop here and tell me that it is not right. 
>> Otherwise, keep reading.
>>
>> From the name you know the key size, when you create a 
>> NamedParameterSpec object for "x25519", you know the name and key size 
>> from the object, right?
> 
> The NamedParameterSpec object holds the name only, and not the key size. 
> We create the NamedParameterSpec from the algorithm name in the 
> NamedGroup enum, which also doesn't have the key size. Are you 
> suggesting that I add the key size to this enum as well? Like this:
> 
>          // x25519 and x448
>          X25519      (0x001D, "x25519", true, "x25519", 255,
>                              ProtocolVersion.PROTOCOLS_TO_13),
>          X448        (0x001E, "x448", true, "x448", 448,
>                              ProtocolVersion.PROTOCOLS_TO_13),
> 
> The constructor will take this length and store it. Then we can get this 
> value out of the NamedGroup in XDHKeyExchange and pass it in to the 
> methods of ECUtil so we don't need to get it from XECParameters. Is this 
> what you had in mind?